From 63364eed75188f2c0c87cff11ad0b0b72c85f4f7 Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Thu, 19 Apr 2012 19:11:13 +0200
Subject: [PATCH] MEDIUM: acl: acl_find_target() now resolves arguments based on their types
This function does not rely on the keyword anymore but just on its type. It's much cleaner and much safer. It should be extended to do the same for all PRX type arguments.
---
 src/acl.c | 127 ++++++++++++++++++++++++++----------------------------
 1 file changed, 62 insertions(+), 65 deletions(-)
diff --git a/src/acl.c b/src/acl.c
index eb1dd60b92..aab7f41baf 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -1959,91 +1959,88 @@ acl_find_targets(struct proxy *p)
 struct acl_expr *expr;
 struct acl_pattern *pattern;
 struct userlist *ul;
+ struct arg *arg;
 int cfgerr = 0;
 list_for_each_entry(acl, &p->acl, list) {
 list_for_each_entry(expr, &acl->expr, list) {
- if (strcmp(expr->kw->kw, "srv_is_up") == 0 ||
- strcmp(expr->kw->kw, "srv_conn") == 0) {
- struct proxy *px;
- struct server *srv;
- char *pname, *sname;
-
- /* FIXME: at the moment we check argument types from the keyword,
- * but later we'll simlpy inspect argument types.
- */
- if (!expr->args || !expr->args->data.str.len) {
- Alert("proxy %s: acl %s %s(): missing server name.\n",
- p->id, acl->name, expr->kw->kw);
- cfgerr++;
- continue;
- }
+ for (arg = expr->args; arg; arg++) {
+ if (arg->type == ARGT_STOP)
+ break;
+ else if (arg->type == ARGT_SRV) {
+ struct proxy *px;
+ struct server *srv;
+ char *pname, *sname;
+
+ if (!expr->args->data.str.len) {
+ Alert("proxy %s: acl '%s' %s(): missing server name.\n",
+ p->id, acl->name, expr->kw->kw);
+ cfgerr++;
+ continue;
+ }
- pname = expr->args->data.str.str;
- sname = strrchr(pname, '/');
+ pname = expr->args->data.str.str;
+ sname = strrchr(pname, '/');
- if (sname)
- *sname++ = '\0';
- else {
- sname = pname;
- pname = NULL;
- }
+ if (sname)
+ *sname++ = '\0';
+ else {
+ sname = pname;
+ pname = NULL;
+ }
+
+ px = p;
+ if (pname) {
+ px = findproxy(pname, PR_CAP_BE);
+ if (!px) {
+ Alert("proxy %s: acl '%s' %s(): unable to find proxy '%s'.\n",
+ p->id, acl->name, expr->kw->kw, pname);
+ cfgerr++;
+ continue;
+ }
+ }
- px = p;
- if (pname) {
- px = findproxy(pname, PR_CAP_BE);
- if (!px) {
- Alert("proxy %s: acl %s %s(): unable to find proxy '%s'.\n",
- p->id, acl->name, expr->kw->kw, pname);
+ srv = findserver(px, sname);
+ if (!srv) {
+ Alert("proxy %s: acl '%s' %s(): unable to find server '%s'.\n",
+ p->id, acl->name, expr->kw->kw, sname);
 cfgerr++;
 continue;
 }
- }
- srv = findserver(px, sname);
- if (!srv) {
- Alert("proxy %s: acl %s %s(): unable to find server '%s'.\n",
- p->id, acl->name, expr->kw->kw, sname);
- cfgerr++;
+ free(expr->args->data.str.str);
+ expr->args->data.srv = srv;
 continue;
 }
+ else if (arg->type == ARGT_USR) {
+ if (!expr->args->data.str.len) {
+ Alert("proxy %s: acl '%s' %s(): missing userlist name.\n",
+ p->id, acl->name, expr->kw->kw);
+ cfgerr++;
+ continue;
+ }
- free(expr->args->data.str.str);
- expr->args->data.srv = srv;
- continue;
- }
-
- if (strstr(expr->kw->kw, "http_auth") == expr->kw->kw) {
-
- /* FIXME: at the moment we check argument types from the keyword,
- * but later we'll simlpy inspect argument types.
- */
- if (!expr->args || !expr->args->data.str.len) {
- Alert("proxy %s: acl %s %s(): missing userlist name.\n",
- p->id, acl->name, expr->kw->kw);
- cfgerr++;
- continue;
- }
+ if (p->uri_auth && p->uri_auth->userlist &&
+ !strcmp(p->uri_auth->userlist->name, expr->args->data.str.str))
+ ul = p->uri_auth->userlist;
+ else
+ ul = auth_find_userlist(expr->args->data.str.str);
- if (p->uri_auth && p->uri_auth->userlist &&
- !strcmp(p->uri_auth->userlist->name, expr->args->data.str.str))
- ul = p->uri_auth->userlist;
- else
- ul = auth_find_userlist(expr->args->data.str.str);
+ if (!ul) {
+ Alert("proxy %s: acl '%s' %s(%s): unable to find userlist.\n",
+ p->id, acl->name, expr->kw->kw, expr->args->data.str.str);
+ cfgerr++;
+ continue;
+ }
- if (!ul) {
- Alert("proxy %s: acl %s %s(%s): unable to find userlist.\n",
- p->id, acl->name, expr->kw->kw, expr->args->data.str.str);
- cfgerr++;
- continue;
+ free(expr->args->data.str.str);
+ expr->args->data.usr = ul;
 }
-
- free(expr->args->data.str.str);
- expr->args->data.usr = ul;
- }
+ } /* end of args processing */
 if (!strcmp(expr->kw->kw, "http_auth_group")) {
+ /* note: argument resolved above thanks to ARGT_USR */
 if (LIST_ISEMPTY(&expr->patterns)) {
 Alert("proxy %s: acl %s %s(): no groups specified.\n",
-- 
2.47.3
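Review bot: Inside the new `for (arg = expr->args; arg; arg++)` loop, the ARGT_SRV and ARGT_USR branches still read, free and overwrite `expr->args->data`, which is the first argument, not the `arg` whose type was just tested. If a typed argument ever sits at a position other than the first, the code would treat a different argument's union as a string, pass it to `free()` and store the resolved pointer in the wrong slot. Every access in both branches should go through `arg`, e.g. `if (!arg->data.str.len)`, `pname = arg->data.str.str;` and `free(arg->data.str.str); arg->data.srv = srv;`. Separately, each `continue` in these branches now advances the argument loop instead of the `list_for_each_entry(expr, ...)` loop, so after a failed lookup the `http_auth_group` block still runs, presumably with `data.usr` holding the unresolved string. That block continues outside the hunk, so confirm it is skipped when resolution fails.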